# Concepts

- [Guardian & Interceptor](/concepts/guardian.md)
- [Ruleset Policies](/concepts/guardian/ruleset_policies.md)
- [Workload Policies](/concepts/guardian/workload_policies.md): Workload Policies define allowed process and network activity for containers and Linux services, alerting or blocking deviations from expected behavior.
- [Flashback (Go Back In Time)](/concepts/flashback.md)
- [Investigations](/concepts/flashback/investigations.md): Overview of Process Investigations in the Spyderbat Console — the Records Panel, Causal Tree, and Details Panel for visual causal analysis of Spydertraces.
- [Search](/concepts/search.md): Detailed overview of the Search tab in the console and the Spyderbat search language it uses.
- [Saved Searches](/concepts/search/saved-search.md): Store and reuse search queries in Spyderbat. Enable notifications and SIEM forwarding on saved queries to automate alerting and event delivery.
- [Summarize](/concepts/summarize.md)
- [Spydertrace Summarize](/concepts/summarize/spydertrace-summarize.md)
- [Dashboards](/concepts/dashboards.md): Detailed overview of the Dashboard section of the console, including collected types of data, data management (sorting, filtering and grouping), and shortest path to investigating suspicious activity.
- [Dashboard Categories](/concepts/dashboards/spyderbat-dashboard-categories.md): The seven built-in dashboard categories in Spyderbat: Security, User Tracking, Policy, Operations, Network, Inventory, and Kubernetes. Includes the full list of default cards in each category.
- [Reports](/concepts/reports.md): Overview of the Reporting section of the console, including report creation, review, download and printing.
- [Notifications](/concepts/notifications.md): Get notified when Spyderbat detects operations issues or suspicious behavior at runtime in your environment.
- [Notification Targets](/concepts/notifications/notification-targets.md)
- [Notification Templates](/concepts/notifications/notification-templates.md)
- [Actions](/concepts/actions.md): Overview of manual response actions that can be executed in the UI, including killing a process or killing a pod.
- [Integrations](/concepts/integrations.md): Integrate Spyderbat with your existing security infrastructure — route events to your SIEM, connect AWS accounts, and forward data to external tools.
- [SIEM Forwarding](/concepts/integrations/siem-forwarding.md): How Spyderbat SIEM forwarding works — enabling forwarding on saved queries and deploying the Event Forwarder to deliver events to your SIEM.
- [AWS Integration](/concepts/integrations/aws.md): Overview of the AWS Context Integration using the AWS Agent
- [Spyderbat Event Forwarder](/concepts/integrations/spyderbat-event-forwarder.md): The Spyderbat Event Forwarder polls the SIEM forwarding API and delivers events to your SIEM, log management platform, or any HTTP endpoint.
- [Suppression & Tuning](/concepts/suppression.md)
- [Scout (Detections)](/concepts/scout.md)
- [Spydertraces](/concepts/scout/spydertraces.md): A Spydertrace is a causally connected record of system activity. This page explains how traces are triggered, scored, and reviewed by analysts.
- [Custom Flags](/concepts/scout/custom-flags.md)